PlanetHoster/time2fa

Validating passcode evaluates to false

MikeTeddyOmondi opened this issue · 4 comments

Generating a new TOTP is successful:

    const config = generateConfig({
      digits: 6,
      period: 30,
      algo: "sha256",
      secretSize: 10,
    });

    const secret = TOTP_SECRET; // from ENV variable
    const codes = Totp.generatePasscodes({ secret }, config);
    const totp = codes[0];

But when validating the newly created TOTP, it evaluates to false:

    const { totp } = req.body;
    const secret = TOTP_SECRET; // from ENV variable

    const config = {
      digits: 6,
      period: 30,
      algo: "sha256",
      secretSize: 10,
    };

    const isValid = Totp.validate(
      {
        passcode: totp,
        secret: secret,
      },
      config
    );
    console.log({ isValid }); // Evaluates to false when the totp is valid

What could be wrong with my code?

Hi,

Thanks for reporting an issue.

Just to make sure the problem is not coming from the secret itself, can you show me how you generated the secret?

Thank you!

@MarcAndreG I used the generateSecret() function provided, then added it to the .env file, like this:

    const secret = TOTP_SECRET; // generateSecret();

But then I realised I also need to use this secret in another route in a backend API. That's why I generated another secret and then added it to the .env file, for referencing in the other route where I wanted to validate the totp.

Yes, you need to use the same secret to validate.

I am still using the same secret as shown above in the code, under the secret key and value.
And what if you generate the secret using the generateSecret() function?
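
A library-independent cross-check for the situation in this thread, added here as an example (it is not time2fa code and not from any participant): a minimal RFC 6238 implementation on Node's crypto module, showing that a passcode validates only when the issuing and validating routes share the same secret, algo, digits and period. The function names, the base32 secret encoding, the sample secrets and the drift window are assumptions of this example.

```javascript
const nodeCrypto = require("node:crypto");

// RFC 4648 base32 -> bytes (assumed encoding of the shared secret).
function base32Decode(text) {
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
  const out = [];
  let bits = 0, value = 0;
  for (const ch of text.toUpperCase().replace(/=+$/, "")) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error(`invalid base32 character: ${ch}`);
    value = ((value << 5) | idx) & 0xfff; // keep only the pending bits
    bits += 5;
    if (bits >= 8) { bits -= 8; out.push((value >>> bits) & 0xff); }
  }
  return Buffer.from(out);
}

// RFC 6238 passcode for the time step that contains timeMs.
function totp(key, { digits, period, algo }, timeMs = Date.now()) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(timeMs / 1000 / period)));
  const mac = nodeCrypto.createHmac(algo, key).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation, RFC 4226
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// True only if passcode matches a step within +/- drift periods of timeMs.
function validate(passcode, key, config, timeMs = Date.now(), drift = 1) {
  const given = Buffer.from(String(passcode));
  let ok = false;
  for (let i = -drift; i <= drift; i++) {
    const t = timeMs + i * config.period * 1000;
    if (t < 0) continue; // no time step before the epoch
    const expected = Buffer.from(totp(key, config, t));
    if (given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected)) ok = true;
  }
  return ok;
}

// Constructed sample: one route issues the code, the other validates it.
const cfg = { digits: 6, period: 30, algo: "sha256" };
const issuingKey = base32Decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"); // constructed secret
const regeneratedKey = base32Decode("MZXW6YTBOI"); // constructed, a different secret
function demo(now = Date.now()) {
  const code = totp(issuingKey, cfg, now);
  return { sameSecret: validate(code, issuingKey, cfg, now),
           otherSecret: validate(code, regeneratedKey, cfg, now),
           otherAlgo: validate(code, issuingKey, { ...cfg, algo: "sha1" }, now) };
}
```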